/*
 * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
 * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 */

package javax.security.auth.x500;

import java.io.*;
import java.security.Principal;
import java.util.Collections;
import java.util.Map;
import sun.security.x509.X500Name;
import sun.security.util.*;

/**
 * <p> This class represents an X.500 {@code Principal}.
 * {@code X500Principal}s are represented by distinguished names such as
 * "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US".
 *
 * <p> This class can be instantiated by using a string representation
 * of the distinguished name, or by using the ASN.1 DER encoded byte
 * representation of the distinguished name.  The current specification
 * for the string representation of a distinguished name is defined in
 * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253: Lightweight
 * Directory Access Protocol (v3): UTF-8 String Representation of
 * Distinguished Names</a>. This class, however, accepts string formats from
 * both RFC 2253 and <a href="http://www.ietf.org/rfc/rfc1779.txt">RFC 1779:
 * A String Representation of Distinguished Names</a>, and also recognizes
 * attribute type keywords whose OIDs (Object Identifiers) are defined in
 * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
 * Public Key Infrastructure Certificate and CRL Profile</a>.
 *
 * <p> The string representation for this {@code X500Principal}
 * can be obtained by calling the {@code getName} methods.
 *
 * <p> Note that the {@code getSubjectX500Principal} and
 * {@code getIssuerX500Principal} methods of
 * {@code X509Certificate} return X500Principals representing the
 * issuer and subject fields of the certificate.
 *
 * @see java.security.cert.X509Certificate
 * @since 1.4
 */
public final class X500Principal implements Principal, java.io.Serializable {

  private static final long serialVersionUID = -500463348111345721L;

  /**
   * RFC 1779 String format of Distinguished Names.
   */
  public static final String RFC1779 = "RFC1779";
  /**
   * RFC 2253 String format of Distinguished Names.
   */
  public static final String RFC2253 = "RFC2253";
  /**
   * Canonical String format of Distinguished Names.
   */
  public static final String CANONICAL = "CANONICAL";

  /**
   * The X500Name representing this principal.
   *
   * NOTE: this field is reflectively accessed from within X500Name.
   */
  private transient X500Name thisX500Name;

  /**
   * Creates an X500Principal by wrapping an X500Name.
   *
   * NOTE: The constructor is package private. It is intended to be accessed
   * using privileged reflection from classes in sun.security.*.
   * Currently referenced from sun.security.x509.X500Name.asX500Principal().
   */
  X500Principal(X500Name x500Name) {
    thisX500Name = x500Name;
  }

  /**
   * Creates an {@code X500Principal} from a string representation of
   * an X.500 distinguished name (ex:
   * "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US").
   * The distinguished name must be specified using the grammar defined in
   * RFC 1779 or RFC 2253 (either format is acceptable).
   *
   * <p>This constructor recognizes the attribute type keywords
   * defined in RFC 1779 and RFC 2253
   * (and listed in {@link #getName(String format) getName(String format)}),
   * as well as the T, DNQ or DNQUALIFIER, SURNAME, GIVENNAME, INITIALS,
   * GENERATION, EMAILADDRESS, and SERIALNUMBER keywords whose Object
   * Identifiers (OIDs) are defined in RFC 3280 and its successor.
   * Any other attribute type must be specified as an OID.
   *
   * <p>This implementation enforces a more restrictive OID syntax than
   * defined in RFC 1779 and 2253. It uses the more correct syntax defined in
   * <a href="http://www.ietf.org/rfc/rfc4512.txt">RFC 4512</a>, which
   * specifies that OIDs contain at least 2 digits:
   *
   * <p>{@code numericoid = number 1*( DOT number ) }
   *
   * @param name an X.500 distinguished name in RFC 1779 or RFC 2253 format
   * @throws NullPointerException if the {@code name} is {@code null}
   * @throws IllegalArgumentException if the {@code name} is improperly specified
   */
  public X500Principal(String name) {
    this(name, Collections.<String, String>emptyMap());
  }

  /**
   * Creates an {@code X500Principal} from a string representation of
   * an X.500 distinguished name (ex:
   * "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US").
   * The distinguished name must be specified using the grammar defined in
   * RFC 1779 or RFC 2253 (either format is acceptable).
   *
   * <p> This constructor recognizes the attribute type keywords specified
   * in {@link #X500Principal(String)} and also recognizes additional
   * keywords that have entries in the {@code keywordMap} parameter.
   * Keyword entries in the keywordMap take precedence over the default
   * keywords recognized by {@code X500Principal(String)}. Keywords
   * MUST be specified in all upper-case, otherwise they will be ignored.
   * Improperly specified keywords are ignored; however if a keyword in the
   * name maps to an improperly specified Object Identifier (OID), an
   * {@code IllegalArgumentException} is thrown. It is permissible to
   * have 2 different keywords that map to the same OID.
   *
   * <p>This implementation enforces a more restrictive OID syntax than
   * defined in RFC 1779 and 2253. It uses the more correct syntax defined in
   * <a href="http://www.ietf.org/rfc/rfc4512.txt">RFC 4512</a>, which
   * specifies that OIDs contain at least 2 digits:
   *
   * <p>{@code numericoid = number 1*( DOT number ) }
   *
   * @param name an X.500 distinguished name in RFC 1779 or RFC 2253 format
   * @param keywordMap an attribute type keyword map, where each key is a keyword String that maps
   * to a corresponding object identifier in String form (a sequence of nonnegative integers
   * separated by periods). The map may be empty but never {@code null}.
   * @throws NullPointerException if {@code name} or {@code keywordMap} is {@code null}
   * @throws IllegalArgumentException if the {@code name} is improperly specified or a keyword in
   * the {@code name} maps to an OID that is not in the correct form
   * @since 1.6
   */
  public X500Principal(String name, Map<String, String> keywordMap) {
    if (name == null) {
      throw new NullPointerException
          (sun.security.util.ResourcesMgr.getString
              ("provided.null.name"));
    }
    if (keywordMap == null) {
      throw new NullPointerException
          (sun.security.util.ResourcesMgr.getString
              ("provided.null.keyword.map"));
    }

    try {
      thisX500Name = new X500Name(name, keywordMap);
    } catch (Exception e) {
      IllegalArgumentException iae = new IllegalArgumentException
          ("improperly specified input name: " + name);
      iae.initCause(e);
      throw iae;
    }
  }

  /**
   * Creates an {@code X500Principal} from a distinguished name in
   * ASN.1 DER encoded form. The ASN.1 notation for this structure is as
   * follows.
   * <pre>{@code
   * Name ::= CHOICE {
   *   RDNSequence }
   *
   * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
   *
   * RelativeDistinguishedName ::=
   *   SET SIZE (1 .. MAX) OF AttributeTypeAndValue
   *
   * AttributeTypeAndValue ::= SEQUENCE {
   *   type     AttributeType,
   *   value    AttributeValue }
   *
   * AttributeType ::= OBJECT IDENTIFIER
   *
   * AttributeValue ::= ANY DEFINED BY AttributeType
   * ....
   * DirectoryString ::= CHOICE {
   *       teletexString           TeletexString (SIZE (1..MAX)),
   *       printableString         PrintableString (SIZE (1..MAX)),
   *       universalString         UniversalString (SIZE (1..MAX)),
   *       utf8String              UTF8String (SIZE (1.. MAX)),
   *       bmpString               BMPString (SIZE (1..MAX)) }
   * }</pre>
   *
   * @param name a byte array containing the distinguished name in ASN.1 DER encoded form
   * @throws IllegalArgumentException if an encoding error occurs (incorrect form for DN)
   */
  public X500Principal(byte[] name) {
    try {
      thisX500Name = new X500Name(name);
    } catch (Exception e) {
      IllegalArgumentException iae = new IllegalArgumentException
          ("improperly specified input name");
      iae.initCause(e);
      throw iae;
    }
  }

  /**
   * Creates an {@code X500Principal} from an {@code InputStream}
   * containing the distinguished name in ASN.1 DER encoded form.
   * The ASN.1 notation for this structure is supplied in the
   * documentation for
   * {@link #X500Principal(byte[] name) X500Principal(byte[] name)}.
   *
   * <p> The read position of the input stream is positioned
   * to the next available byte after the encoded distinguished name.
   *
   * @param is an {@code InputStream} containing the distinguished name in ASN.1 DER encoded form
   * @throws NullPointerException if the {@code InputStream} is {@code null}
   * @throws IllegalArgumentException if an encoding error occurs (incorrect form for DN)
   */
  public X500Principal(InputStream is) {
    if (is == null) {
      throw new NullPointerException("provided null input stream");
    }

    try {
      if (is.markSupported()) {
        is.mark(is.available() + 1);
      }
      DerValue der = new DerValue(is);
      thisX500Name = new X500Name(der.data);
    } catch (Exception e) {
      if (is.markSupported()) {
        try {
          is.reset();
        } catch (IOException ioe) {
          IllegalArgumentException iae = new IllegalArgumentException
              ("improperly specified input stream " +
                  ("and unable to reset input stream"));
          iae.initCause(e);
          throw iae;
        }
      }
      IllegalArgumentException iae = new IllegalArgumentException
          ("improperly specified input stream");
      iae.initCause(e);
      throw iae;
    }
  }

  /**
   * Returns a string representation of the X.500 distinguished name using
   * the format defined in RFC 2253.
   *
   * <p>This method is equivalent to calling
   * {@code getName(X500Principal.RFC2253)}.
   *
   * @return the distinguished name of this {@code X500Principal}
   */
  public String getName() {
    return getName(X500Principal.RFC2253);
  }

  /**
   * Returns a string representation of the X.500 distinguished name
   * using the specified format. Valid values for the format are
   * "RFC1779", "RFC2253", and "CANONICAL" (case insensitive).
   *
   * <p> If "RFC1779" is specified as the format,
   * this method emits the attribute type keywords defined in
   * RFC 1779 (CN, L, ST, O, OU, C, STREET).
   * Any other attribute type is emitted as an OID.
   *
   * <p> If "RFC2253" is specified as the format,
   * this method emits the attribute type keywords defined in
   * RFC 2253 (CN, L, ST, O, OU, C, STREET, DC, UID).
   * Any other attribute type is emitted as an OID.
   * Under a strict reading, RFC 2253 only specifies a UTF-8 string
   * representation. The String returned by this method is the
   * Unicode string achieved by decoding this UTF-8 representation.
   *
   * <p> If "CANONICAL" is specified as the format,
   * this method returns an RFC 2253 conformant string representation
   * with the following additional canonicalizations:
   *
   * <ol>
   * <li> Leading zeros are removed from attribute types
   * that are encoded as dotted decimal OIDs
   * <li> DirectoryString attribute values of type
   * PrintableString and UTF8String are not
   * output in hexadecimal format
   * <li> DirectoryString attribute values of types
   * other than PrintableString and UTF8String
   * are output in hexadecimal format
   * <li> Leading and trailing white space characters
   * are removed from non-hexadecimal attribute values
   * (unless the value consists entirely of white space characters)
   * <li> Internal substrings of one or more white space characters are
   * converted to a single space in non-hexadecimal
   * attribute values
   * <li> Relative Distinguished Names containing more than one
   * Attribute Value Assertion (AVA) are output in the
   * following order: an alphabetical ordering of AVAs
   * containing standard keywords, followed by a numeric
   * ordering of AVAs containing OID keywords.
   * <li> The only characters in attribute values that are escaped are
   * those which section 2.4 of RFC 2253 states must be escaped
   * (they are escaped using a preceding backslash character)
   * <li> The entire name is converted to upper case
   * using {@code String.toUpperCase(Locale.US)}
   * <li> The entire name is converted to lower case
   * using {@code String.toLowerCase(Locale.US)}
   * <li> The name is finally normalized using normalization form KD,
   * as described in the Unicode Standard and UAX #15
   * </ol>
   *
   * <p> Additional standard formats may be introduced in the future.
   *
   * @param format the format to use
   * @return a string representation of this {@code X500Principal} using the specified format
   * @throws IllegalArgumentException if the specified format is invalid or null
   */
  public String getName(String format) {
    if (format != null) {
      if (format.equalsIgnoreCase(RFC1779)) {
        return thisX500Name.getRFC1779Name();
      } else if (format.equalsIgnoreCase(RFC2253)) {
        return thisX500Name.getRFC2253Name();
      } else if (format.equalsIgnoreCase(CANONICAL)) {
        return thisX500Name.getRFC2253CanonicalName();
      }
    }
    throw new IllegalArgumentException("invalid format specified");
  }

  /**
   * Returns a string representation of the X.500 distinguished name
   * using the specified format. Valid values for the format are
   * "RFC1779" and "RFC2253" (case insensitive). "CANONICAL" is not
   * permitted and an {@code IllegalArgumentException} will be thrown.
   *
   * <p>This method returns Strings in the format as specified in
   * {@link #getName(String)} and also emits additional attribute type
   * keywords for OIDs that have entries in the {@code oidMap}
   * parameter. OID entries in the oidMap take precedence over the default
   * OIDs recognized by {@code getName(String)}.
   * Improperly specified OIDs are ignored; however if an OID
   * in the name maps to an improperly specified keyword, an
   * {@code IllegalArgumentException} is thrown.
   *
   * <p> Additional standard formats may be introduced in the future.
   *
   * <p> Warning: additional attribute type keywords may not be recognized
   * by other implementations; therefore do not use this method if
   * you are unsure if these keywords will be recognized by other
   * implementations.
   *
   * @param format the format to use
   * @param oidMap an OID map, where each key is an object identifier in String form (a sequence of
   * nonnegative integers separated by periods) that maps to a corresponding attribute type keyword
   * String. The map may be empty but never {@code null}.
   * @return a string representation of this {@code X500Principal} using the specified format
   * @throws IllegalArgumentException if the specified format is invalid, null, or an OID in the
   * name maps to an improperly specified keyword
   * @throws NullPointerException if {@code oidMap} is {@code null}
   * @since 1.6
   */
  public String getName(String format, Map<String, String> oidMap) {
    if (oidMap == null) {
      throw new NullPointerException
          (sun.security.util.ResourcesMgr.getString
              ("provided.null.OID.map"));
    }
    if (format != null) {
      if (format.equalsIgnoreCase(RFC1779)) {
        return thisX500Name.getRFC1779Name(oidMap);
      } else if (format.equalsIgnoreCase(RFC2253)) {
        return thisX500Name.getRFC2253Name(oidMap);
      }
    }
    throw new IllegalArgumentException("invalid format specified");
  }

  /**
   * Returns the distinguished name in ASN.1 DER encoded form. The ASN.1
   * notation for this structure is supplied in the documentation for
   * {@link #X500Principal(byte[] name) X500Principal(byte[] name)}.
   *
   * <p>Note that the byte array returned is cloned to protect against
   * subsequent modifications.
   *
   * @return a byte array containing the distinguished name in ASN.1 DER encoded form
   */
  public byte[] getEncoded() {
    try {
      return thisX500Name.getEncoded();
    } catch (IOException e) {
      throw new RuntimeException("unable to get encoding", e);
    }
  }

  /**
   * Return a user-friendly string representation of this
   * {@code X500Principal}.
   *
   * @return a string representation of this {@code X500Principal}
   */
  public String toString() {
    return thisX500Name.toString();
  }

  /**
   * Compares the specified {@code Object} with this
   * {@code X500Principal} for equality.
   *
   * <p> Specifically, this method returns {@code true} if
   * the {@code Object} <i>o</i> is an {@code X500Principal}
   * and if the respective canonical string representations
   * (obtained via the {@code getName(X500Principal.CANONICAL)} method)
   * of this object and <i>o</i> are equal.
   *
   * <p> This implementation is compliant with the requirements of RFC 3280.
   *
   * @param o Object to be compared for equality with this {@code X500Principal}
   * @return {@code true} if the specified {@code Object} is equal to this {@code X500Principal},
   * {@code false} otherwise
   */
  public boolean equals(Object o) {
    if (this == o) {
      return true;
    }
    if (o instanceof X500Principal == false) {
      return false;
    }
    X500Principal other = (X500Principal) o;
    return this.thisX500Name.equals(other.thisX500Name);
  }

  /**
   * Return a hash code for this {@code X500Principal}.
   *
   * <p> The hash code is calculated via:
   * {@code getName(X500Principal.CANONICAL).hashCode()}
   *
   * @return a hash code for this {@code X500Principal}
   */
  public int hashCode() {
    return thisX500Name.hashCode();
  }

  /**
   * Save the X500Principal object to a stream.
   *
   * @serialData this {@code X500Principal} is serialized by writing out its DER-encoded form (the
   * value of {@code getEncoded} is serialized).
   */
  private void writeObject(java.io.ObjectOutputStream s)
      throws IOException {
    s.writeObject(thisX500Name.getEncodedInternal());
  }

  /**
   * Reads this object from a stream (i.e., deserializes it).
   */
  private void readObject(java.io.ObjectInputStream s)
      throws java.io.IOException,
      java.io.NotActiveException,
      ClassNotFoundException {

    // re-create thisX500Name
    thisX500Name = new X500Name((byte[]) s.readObject());
  }
}
